<!--#include file="Config.asp"-->
<%
UserName=Trim(request("operator_name"))
UserPass=MD5(Trim(replace(request("operator_pwd"),"'","''")))

set rs = conn.execute("select * from [emp_staff] where emp_Name='"&UserName&"' and emp_Pass='"&UserPass&"' ") 'and UserState=1
if  not (rs.bof or rs.eof) then
'session.timeout = 50
session("emp_ID")=int(rs("emp_ID"))
session("emp_name")=Trim(rs("emp_Name"))
session("emp_DepID")=rs("emp_depid")
'将用户登录系统的时间和IP进行记录
ip=Request.ServerVariables ("REMOTE_ADDR")
set rslogin=server.createobject("adodb.recordset")
sqllogin="select * from emp_LogRecord where id is null"
rslogin.open sqllogin,conn,1,3
rslogin.addnew
rslogin("Logintime")=now()
rslogin("Loginip")=ip
rslogin("Username")=session("emp_name")
rslogin.update
rslogin.close
set rslogin= nothing
rs.close
'set rs = nothing
'response.redirect Request.ServerVariables("Http_referer")
response.redirect "index.asp"
else
response.write "<script language=javascript>"
response.write"alert('用户、密码或者部门错误！或者这个用户已经被禁止使用！');"
response.write"location.href='emp_Login.asp';"
response.write "</script>"
response.end
end if
'rs.close
set rs=nothing
set conn=nothing
%>
